
Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam



Practice privacy by design, not privacy by disaster!
See the talk here:

Almost every application requires some gathering of personal data today. Where that data is stored, who has access to it, and what is done with that data later on is becoming increasingly important as more and more of our data lives online today. Privacy disasters are costly and can be devastating to a company. UX designers and developers need to have a framework for protecting user data, communicating it to users, and making sure that the entire process is smoothly handled.

This talk covers best practices for designing web and mobile apps with the privacy of individual users in mind. Privacy has been an even bigger issue with location-based apps, and we ran into it head-first when we began work on Geoloqi (now part of Esri). Designing an interface that made one's personal data empowering instead of creepy was our goal. The stories from our design decisions with our application will also be included in this talk.

Published in: Design


  1. Designing for privacy in mobile and web apps. Interaction '14. Amber Case @caseorganic
  2. Part I: Present Day
  3. What is Privacy?
  4. The ability to have control over where your content goes and who it is accessed by.
  5. The ability to choose what content you share, view and access without being tracked.
  6. Privacy is the ability not to be surprised.
  7.
  8. Privacy can also be a feeling or perception of security. This perception of security can be designed.
  9.
  10. Privacy on the Web. Old Web: Social silos don't exist. Where you go on the web is not tracked. New Web: Logged into FB, Google: everything you look at is tracked.
  11. “We invest much of our lives into virtual ‘condos’ that anyone can walk into and do what they like.” -@rahulsen79
  12. We're all sharecropping
  13. Changing user interfaces
  14. How can we design for privacy? 1. Temporary Solution (Privacy by Design) 2. Longer term Solution (Data Ownership). Privacy by Design: Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada.
  15. Part II: Privacy by Design
  16. Smartphone Cameras
  17. Google Glass
  18. What was different? • Design and product launch • Developer on-boarding fail • Secrecy/Mystery/Exclusivity • Closed system • Too many features • Price
  19. Results • Reduced play • Confusion • Pseudo-elite status • Fear • Speculation
  20. Questions people ask me when I’m wearing Google Glass
  21. Compare to iPhone Developer Launch: Development tools available before new hardware/OS released • $99 fee • Launch: many apps • People had phones already
  22. Trying to "Calm" the device. Headbanding: "moving one's Glass before entering an establishment"
  23. Half of privacy is perceived. The idea of privacy is socially created and attached to behavioral norms. Behavior can change when norms change.
  24. Success: Narrative (formerly Memoto)
  25. Why? • Designed • Built to be "calm" upon previous products (iteration) • Clearly defined. (Lifelogging device). • Not at eye level. Small friendly rounded corners • Not immediate (download later)
  26. Part III: Building privacy into mobile and web apps #dataprivacy
  27. 1. Get a privacy policy. Privacy policies are regret management tools. Only 30% of mobile app developers have one.
  28. Minimum Viable Privacy Policy: Who you are (identity and contact details); Categories of personal data the app wants to collect/process; Why the data processing is necessary (for what precise purposes); Whether data will be disclosed, and to which third parties; Data withdrawal rights and account deletion policy
  29. 2. Simplify and Consolidate. Privacy policies should be easy to understand. Create two sections – Plain Text and Legalese
  30. Terms of Service; Didn't Read MEDIUM Reserves the right to use your name and content for any purpose forever, even if they get acquired in the future. Wikia Communities don't own their content and can't transfer it off their site. (thanks!)
  31. How many of you have read the entire iTunes privacy policy?
  32. What about Creative Commons?
  33. 3. Allow people to access / export their data
  34. 4. Privacy by design vs. privacy by disaster. Privacy consideration should be incorporated into every aspect of your app: web, legal, user experience, messaging, marketing and development. Act now or be forced to act later.
  35. 5. Consolidate and simplify settings and permissions. Make controls easy to access. On/off switches, simple settings.
  36. 6. Contextual Privacy. Instagram, Facebook, Foursquare do this well. Expose privacy controls with every piece of content that can be created or shared.
  37. 7. No one is perfect. Hosting user data is a privilege, not a right. Apologize immediately if you make a mistake. Fix the problem immediately.
  38. 8. Authentication and Permissions • Allow for temporary authentication. Show data options and time
  39. 8. Authentication and Permissions. When in doubt give control
  40. 9. Community Involvement
  41. 10. Be Clever: Accomplish your goals in the least amount of moves* *even/especially if it takes more time to think about the solution.
  42. Part IV: The Future of Privacy and Data Ownership
  43. Easier to Consume vs. Create
  44.
  45. Own your own data. Build your own website. Use social networks for distribution. Web frameworks will emerge that will make this easier.
  46. What happened?
  47. Blogs | RSS Readers
  48. 2003: RSS/ATOM WARS
  49. Pingbacks/Trackbacks: a way to tell if someone linked to your site
  50. Pingback Spam
  51. Picking up from where 2003 left off. Need a way to own our data 1. Learn and improve on what we're doing! 2. Just implement something
  52. POSSE: Publish (on your) Own Site, Syndicate Elsewhere. Tweet is published to your own site and sent by your domain to Twitter
  53. PESOS: Publish Elsewhere, Syndicate (to your) Own Site
  54. Webmentions
  55. Webmentions
  56.
  57. Why do we need an IndieWeb? Afraid of losing your photos and files 1 Frozen account due to violated TOS 2 Lost content due to acquisition 3 Silos profiting off your data 4 The ability to create again
  58.
  59. Freedom! The freedom to decide what content and what types of content to publish, and to store over time. Control your UI/UX – you decide. Own your content forever.
  60. Homestead, don't Sharecrop! A home for your data • Your blog becomes a creative outlet for you + learning place for new stuff • Hyperlinks on the open web, giving web back its richness
  61. Thank you! Interaction '14. Amber Case @caseorganic